Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I understand your struggle. I have worked with US and non-US orgs that are in similar boat.

In my experience this is often and at least in part a self-inflicted wound. As you describe your side of the business, it should not restricted, but it is. Maybe? Not enough detail to be certain.

What I see time and time again is business not willing to implement proper DLP, labeling and isolation of restricted things. Instead, they just throw everything into a single bucket, because it is quicker, faster, some of the risk and compliance is shifted to third party, and initially cheaper.

In short, a US, UK, Aus company that does government contracts will just force everyone into NOFORN, on-prem requirements (because DFARS, CMMC, CE+, Essential 8, or whatever). It is way quicker to do this for entire company than actually label data, isolate environment and resources, and so on.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: